This is the second in our series of insights that seek to explore and simplify the topic of SSL (and TLS) in web application hosting.
In our previous insight, we looked at the basics of SSL/TLS with analogy and top-level terminology; in this insight, we’ll expand on some of the many elements that make up SSL certificates and their differences.
Elements of an SSL Certificate
SSL Certificate
A digital certificate that authenticates a website’s identity and enables an encrypted connection, helping to secure data transfer between a server and a client.
Certificate Signing Request (CSR)
A block of encoded text containing information like organisation name and domain is submitted to a Certificate Authority to apply for an SSL certificate.
Private Key
A secret cryptographic key is used with a public key to encrypt and decrypt data, ensuring secure communication and authentication in various internet protocols.
Common Name (CN)
A component of the SSL certificate specifies the domain name to which the certificate is issued, serving as a critical identifier of the certificate’s subject.
Certificate Authority (CA)
An entity that issues digital certificates, such as SSL/TLS certificates, to organisations or individuals, verifying their identities and enabling secure communication.
Root Certificate
A top-level digital certificate issued by a trusted certificate authority forms the basis of a trust chain.
Intermediate Certificate
The trusted root issues a subordinate certificate specifically to issue end-entity certificates. It acts as a middleman between the trust of the root certificate and the end-entity (or leaf) certificate.
Subject Alternative Name (SAN)
A field in SSL/TLS certificates that allows multiple domain names to be protected by a single certificate, accommodating different hostnames or IP addresses.
Wildcard Certificate
Secures not only a primary domain but an unlimited number of its subdomains with a single certificate, using an asterisk as part of the domain name (e.g., *.example.com).
Extended Validation (EV) Certificate
Provides the highest level of SSL certificate validation, requiring thorough verification of the requesting entity’s legal and operational existence, enhancing trust and security.
Domain Validation (DV) Certificate
A type of SSL certificate where the Certificate Authority checks the right of the applicant to use a specific domain name, with less stringent verification compared to EV and OV certificates.
Organization Validation (OV) Certificate
A type of SSL certificate where the issuing authority validates the organisation’s identity and authenticity, providing a higher level of security assurance than DV certificates.
Certificate Revocation List (CRL)
A list of digital certificates revoked by the issuing Certificate Authority before their scheduled expiration, usually due to compromise or loss of private keys.
Keep updated with the latest from Pipe Ten by subscribing below.
More in the Simplifying SSL/TLS series
- SSL Basics – What is SSL?
- SSL Certificate Terminology
- EV vs DV vs OV vs FREE SSL Certificates
- Certificate Authorities and The Signing Process
- TLS and Versions
- Web Server Headers
- Mixed Content Warning
- Testing & Tools
Author: Carl Heaton
Carl is a founder of Pipe Ten and uses his role as Technical Director to drive the company’s vision to transform business online in delivering it’s mission to forge agile technical partnerships that accelerate web success. Carl boasts an illustrious career spanning over two decades, starting as a fledgling web developer in his teens, he swiftly ascended the ranks, honing his skills in architecting secure web application infrastructure. With his finger on the pulse of emerging web technologies, Carl has tracked and influenced the ever changing world of cyber security, internet governance, industry regulations and information security compliance ensuring Pipe Ten successfully achieved and maintain ISO/IEC 27001 certification.